Tor - The Yin or the Yang? 139
An anonymous reader writes "Whitedust is running a interesting article on Tor, The Onion Router project sponsored by the EFF. Tor aims to offer anonymous internet use. Once sponsored by the Naval Research Lab with support from DARPA, it is now managed by The Free Haven Project. Although Tor claims to improve safety and security, the article goes into detail on how Tor can be used as a anonymous attack platform."
Google fight: (Score:1, Funny)
Just have to say it... (Score:1, Informative)
Re:Just have to say it... (Score:2)
Cultural Idiots (Score:2, Informative)
Re:Cultural Idiots (Score:3, Informative)
Re:Cultural Idiots (Score:2)
Re:Cultural Idiots (Score:1)
Re:Cultural Idiots (Score:1, Insightful)
Re:Cultural Idiots (Score:3, Informative)
It's the "Yin and Yang", or the 'Yin-Yang' as I understand it-- two opposite pieces of the same energy, both integral and complementary to each other. They cannot be removed from the whole, or the whole is destroyed.
Using the word 'or' actually distorts the original meaning-- 'or' imply two different pieces, the Yin OR Yang-- with we're really talking about one thing.
Yes, this sounds pedantic, but I think it's actually an important difference.
Re:Cultural Idiots (Score:2, Insightful)
Yin and Yang are opposites. They are two separate concepts that, together, balance one another out. If one or the other is too out of balance, you see problems, according to the theory.
But the fact that yin or yang energy can be out of balance would indicate they are, in fact, two different things. Look at Chinese medicine, some substances are considered to have a strong 'yin' value, others to be primarily 'yang'.
In short, you're getting it ri
Re:Cultural Idiots (Score:2)
It should be 'Yin and Yang' never 'Yin or Yang,' and upon looking at an actual picture [tk421.net] you may see why.
You cannot have good without evil, or hot without cold, because if something is relative, you always have to have something to measure it against.
Also, a much better arguement, in this particular case, is that the Yin contains the seed of the Yang, and the Yang the seed of the Yin. One never exists without atleast a little bit of the other.
Re:Cultural Idiots (Score:1)
Look at the picture homeboys.
http://en.wikipedia.org/wiki/Taoism [wikipedia.org]
Re:Cultural Idiots (Score:2)
Thank you. I feel that I would have made my instructors finally feel that their tutelage was not entirely wasted.
Religion, cultural references... (Score:2)
Of course, i could be wrong, and the yin / yang mentioned by the submitter is just out of topic.
Re:Religion, cultural references... (Score:2)
The Ying-Yang is emphasising the fact that it can be used for good or bad, just like every other tool ever invented.
Re:Religion, cultural references... (Score:1)
Re:Religion, cultural references... (Score:2)
Not if he means "Up Yours" (Score:2)
Re:A little sensitive? (Score:2)
It's not like the stories are expedited from submission to posting.. the editors here get paid money, and for that they should strive towards something better and more respectable. How hard would it be to spell-check submissions? Not hard at all.
And there's fundamentally a difference between fat-fingering "the" (which should get caught) and not knowing enough to spot "yin-yang". Perhaps
anon attack platform? yup! (Score:5, Insightful)
It's not hard to modify the client to do nasties for you. hell it can be used to attack any web forum easily without modification.
unfortunately the kiddies discovered it useful for attacking already.
Re:anon attack platform? yup! (Score:5, Insightful)
IRC is a relic from the ancient design museum, a reminder that once, when the internet was young, everyone who could run a server on the 'net could be trusted. SMTP is the same way, along with a number of other fossilized protocols. These protocols, if they are to continue to be useful in the new age of IP spoofing, dynamic IPs, and wormhole routing, need to be redesigned with a modicum of security built into them.
Most people aren't willing to create an account with their real email address to post crapfloods. The few who do can be easily banned by email address.
I know, I know, I'm posting on the world's biggest counterexample for my opinion. Such is life.
WHICH real email address? (Score:2, Insightful)
Or do you mean the 'real' email address that belongs to one of the more obscure web-based email services?
Real authentication is impractical in large numbers; this is why it has never been implemented. It barely worked when you sent a photo copy of your drivers' license in to your local BBS; but now, in t
Re:WHICH real email address? (Score:2)
Re: (Score:1)
Re:anon attack platform? yup! (Score:3, Informative)
Re:anon attack platform? yup! (Score:2)
Re: artistic names (Score:1)
Why are you hiding behind a nickname?
Do you have something to hide?
You'd never see me hiding behind some ridiculous nickname.
Your friend,
some guy I know
Re: artistic names (Score:2)
Re: artistic names (Score:1)
You see, I was criticizing you for using a ridiculous nickname, when my own nickname is just as ridiculous.
To make this clear, I signed my post, which I normally never do.
Intentional hypocracy is supposed to be funny here on Slashdot, and, occasionally, elsewhere.
It's like those posts that begin "Your a moron.", which is a kind of joke because the intentionally mis-spelled "You're" is showing that the person who stated "Your a moron." is also a moron.
(A similar situation is
Re:anon attack platform? yup! (Score:2)
Re:anon attack platform? yup! (Score:1)
Re:anon attack platform? yup! (Score:2)
Actually, it's also being used by security professionals and pen-testers for legitimate testing and assessment. There's currently a discussion regarding TOR for pen-testing purposes on the SecurityFocus pen-test mailing list. See http://securityfocus.com/archive/101/406238/30/0/ t hreaded [securityfocus.com].
Just because the kiddies are using it doesn't minimize the usefulness of the protocol. Bitorrent, P2P, and other protocols face the same abuse issu
I say negative outweighs the positive. (Score:2, Informative)
Too bad... (Score:2)
IRC is great and all, but it is at the outer edges of the online universe to say the least.
Of course it can be abused (Score:5, Insightful)
Re:Of course it can be abused (Score:3, Informative)
But you don't just want a free society, you want a just society. When people can commit crimes anonymously, there is no punishment.
So avoid facism, but retain your ability to punish those to actually do break the law.
Re:Of course it can be abused (Score:2)
Seriously. I've recently started a website that has an online forum (what, you were expecting a link? I'm not eager for a /.'ing) after a schism with another online forum, and I've gotten wave after wave of trolls coming over and wrecking the place.
I had most of them banned, and the ones with static IP addresses banned by the IP, and then one of them brilliantly discovered the use of proxies and anonymous surfing sites (it was brilliant for a bunch of trolls, atleast), and I was back at square one.
I'm r
Re:Of course it can be abused (Score:2)
You need to distinguish between someone who provides unpleasant information and someone who engages in physical assault. Calling people names is not grounds for cracking skulls or any such response. "Sticks and st
Re:Of course it can be abused (Score:2)
The negative to anonymity is that immature or socially maladjusted individuals can destroy the signal to noise ratio in a forum with impunity. The criteria you are "distinguishing" by isn't even relevent in the example shown. The hypothetical tool crying faggot to everyone is not providing unpleasant information. He is purposefully inciting the people around him. Mr. Tool is abusing his freedom of expression and in the non-anonymous setting a variety of social pre
Re:Of course it can be abused (Score:2)
Sir, I don't celebrate Christmas, but I do think I am going to have to get you a gift this year.
Re:Of course it can be abused (Score:2)
-22 Idiotic
"But you don't just want a free society, you want a just society."
No we want a free society. People have been fighting for freedom throughout the ages.
Most people here in the US have relatives who died giving us this freedom.
You want justice at the expense of freedom, go live somewhere else - like a police state, with ID cards, where the authorities have a right to search anyone and sieze anything.
Where they can identify suspected dissenters by tracking their reading materi
Anonymity - For Great Justice (Score:1)
I find arguments against online anonymity to be silly, usually taking two tracks:
A) Hackers will attack us!
B) Bad guys (usually meaning pedophiles) will hide there!
B is a given. I support the death penalty for pedophiles (even
Re:Anonymity - For Great Justice (Score:2)
Re:Of course it can be abused (Score:2)
While I agree that fewer laws would be better for society, I can't agree with your statement that "it MUST be possible for people to do things that are against the law". If people do things that harm other people, they should be punished in proportion to the harm done and the probability of getting caught. If nobody is harm
Re:Of course it can be abused (Score:2)
Re:Of course it can be abused (Score:1)
And I quote:
"So we had to make a shift in the way we thought about things. So being reactive, waiting for a crime to be committed or waiting for there to be evidence of the commission of a crime, didn't seem to us to be an appropriate way to protect the American people." - John Ashcroft; June 5th, 2003 [pbs.org]
Re:Of course it can be abused (Score:2)
Re:Of course it can be abused (Score:1)
RBL tor nodes? (Score:5, Insightful)
Re:RBL tor nodes? (Score:2)
Like this [sectoor.de]?
S
Fantastic! (Score:3, Insightful)
Re:Fantastic! (Score:4, Insightful)
Just as well. Slippery slope is a logical fallacy anyway.
Re:Fantastic! (Score:1)
Re:Fantastic! (Score:2)
It may be a common argument, but the concept that things will generally continue to exhibit the same behavior is a pretty reasonable line of thought.
It's easy to *call* something a fallacy, but think about the implications here. Calling the "slippery slope" argument a fallacy is like calling all of statistics a fallacy.
I think the "slippery slope" "fallacy" is basically a way to allow one person to control the debate about a subject to their
Re:Fantastic! (Score:1)
Yeah, it's a logical fallacy, whop de doo, you know the name of some arguement technique agreed upon by ivory towered professors. It's still a valid to use in a debate considering that emperically it has a very high chance of being true to a small or large degree.
Pointing out that Bush was a C student cokehead is an ad homiem attack, yet it's a perfectly reasonable point about his competency given that he's the President.
There are more things in heaven and earth, Jeff
Re:Fantastic! (Score:1)
The real problem is with the tor nodes who give unrestricted access. If you're running a node in order for people to be able to browser the web anonymously, then
WHY WOULD YOU ALLOW TRAFFIC TO PORT 22 OR 6667?
Most tor nodes don't restrict traffic, and are irresponsible. Don't belive me? Check it out for yourself:
http://serifos.eecs.harvard.edu:8000/cgi-bin/exit. pl?ports=6667&addr=1&textonly=1 [harvard.edu]
Give people anonymity and... (Score:2, Insightful)
Penny Arcade explains it all (Score:1, Troll)
I guess we're seeing here that the size of the audience doesn't really matter, if at all.
-paul
Off Topic (Score:1, Offtopic)
In response to your .sig: What about those of us who realise that a .45 is better for stopping someone on PCP than a .22, but a .22 is better for a Mob-Style, back of the head, execution?
Not that I've ever done either of those. Oh, no.
What, you think I'm lyin'? You callin' me a liar?
You callin' me a liar, issat i-
Er...
Re:Give people anonymity and... (Score:1)
Re:Give people anonymity and... (Score:1)
Extending that argument a bit -- Give people in government anonymity and of course they are going to do bad things with it -- especially when you toss in righteousness and a paycheck. Did you notice the House (USA) just extended the Patriot Act, giving anonymous people a paycheck to watch my web traffic in case I do something bad. Shouldn't we thwart such abuse?against such abuse? Shouldn't the billions whose web traffic is so heavily filtered they don't even know we're having this discussion be invite
Can't be all good (Score:2, Funny)
You can't post to this page.
Solution is obvious (Score:2, Funny)
Whitedust commented that the flaws in Tor could be fixed by moving away from the Onion network to an extended "Onion Ring" network.
RIAA Alert (Score:2)
Tor
KILL
KILL
KILL
My thoughts on Tor. (Score:2, Insightful)
Call me paranoid, but I don't trust anyone other than the intended recipient to decrypt any sensitive data. The way I understand the program to work (correct me if I'm wrong) is that a "trusted" server on the end decrypts your packets and acts as the "proxy" between the tor network and the Inte
Trust anyone you like (Score:2)
If you are sending unencrypted traffic over tor and you really have a need for anonymity you are stoopid anyway and you will die. If you are doing something that could cost you your freedom you need more than one layer - and tor, no matter how big the onion, is still just one layer.
Re:My thoughts on Tor. (Score:2, Insightful)
An example scenario: a US intelligence agent may need to contact an agency server from within a foriegn country. Anyone sniffing packets would notice that a user is connecting to a server at www.someagency.mil, even if the content itself was encrypted. Tor anonymizes the connection, as the agent now connects to one of any number of Tor nodes. Tor uses encryption to protect route and address information, not conte
Re:My thoughts on Tor. (Score:1, Insightful)
1) You don't have to use any particular node or nodes as "trusted". There is no centralization in architecture, only in default configuration.
2) The trusted node can be the intended recipient.
3) You should be using encryption anyway if you care about protecting your data.
Attack platform? Give me a break. (Score:1, Informative)
Latency hurts, however... (Score:5, Informative)
B: You can't quake through Tor. Tor only supports TCP, and it adds a fair bit of latency to boot.
Re:Latency hurts, however... (Score:2)
A> It is the proxy TOR that is sprouting attack packets. Not the TOR network itself. TOR is a carrier, AND a emitter of attack launch platform. You talk only of a stopping the carrier network which is usually beyond your reach.
B> Quake will works through TOR using port redirector and a IP tunnel that works perfectly fine across UDP/TCP boundary. (although why would ANY serious gamer want to do this)
Solves problems here and abroad (Score:3, Interesting)
I think that if anyone is being blocked from visitng any site, anywhere, they should use this to show how stupid and ineffective filters are, especially in schools. Why bother to educate responsibility on the internet when you can force it on kids!
Re:Solves problems here and abroad (Score:2)
Tor is like a bazooka... (Score:2, Funny)
Yin *and* Yang (Score:2)
Anonymity conceals identity. People who commit crimes often don't want to get caught, so anonymity is something they desire.
Nothing to see here; move along.
obsessing on annonimity (Score:1)
Not saying there's anything wrong with acting on fear, but it can't be healthy to live always fearing "Oh no they might see me reading
Re:obsessing on annonimity (Score:1)
theres always the third group who "likes to be different" and test the boundaries of the law... but that group isnt really big enough to count....
it does suck though to live in land where the freedom was paid for with more deaths than id want to count... yet - where everyones getting the opinion that its ok to have some freedoms taken away if it makes you safer... which is basicallyk why people dont fuss about the litt
Re:obsessing on annonimity (Score:2)
Having said that, there are any number of legitimate reasons for using this technology, many of which have already been noted on here. Let's take a slightly different look at things:
There's only two types of people that would bother with annonymous internet usage... those doing something they fear might get them in trouble, and those that fear being monitored regardless if they're
Re:obsessing on annonimity (Score:1)
and you're right, living in fear isn't healthy. but the world is full of massive amounts of oppression and suffering and it is difficult for some to not live in fear every day.
so, while the geeks of the world have privilege and resources and inher
tor countermeasures (Score:2)
a BGP feed of tor hosts.
anyone game?
So what.. (Score:2)
Product built using Tor... (Score:1)
The Tor Abuse FAQ (Score:1)
The Tor project has a FAQ about abuse, from the perspective of Tor server operators and other folks on the internet. Of particular interest are:
Also of interest on the main Tor FAQ is:
Basically, Tor goes through some effort in order to be easy to block, by making sure that you can easily get a list of exactly the Tor nodes
There's good and bad (Score:2, Informative)
Either we stand up to our responsibilities as adults and advanced and civilized people with a sense of honor, propriety, and duty, and chase criminals and terrorists while playing by the traditions, rules, regulations, and laws... or we dispense with our rights, liberties, and privileges in the name of safety and prevention of infractions.
As we all
oooh, scary (Score:1)
Tragedy of the commons (Score:1)
If respectable people don't use TOR for respectable things like breaching the Great Firewall of China, then many respectable people will stop running TOR nodes.
*Traffic that is leaving the TOR network at his node. At this point, it's no longer encrypted.
WOW... (Score:1, Offtopic)
Mod me as Troll, I don't need Good Karma.
Re:Proxies too! (Score:1)
Re:oh my gosh... (Score:2)
Maybe it's "Xing".
Oh, sorry, that's an MP3 encoder.
Re:oh my gosh... (Score:2)
No, it's not. It's an atrocity claiming to be one.
Re:oh my gosh... (Score:1)
You forgot hot. It's Shields by a mile.
By the way, where are the obligatory Whisper Song jokes? (Though I doubt none of us, nevermind the Ying Yang Twins, would consider "Wait 'till ya see my traceroute" to be funny.)
Re:oh my gosh... (Score:1)
That's just LAME! ... D'oh!
Re:the need (Score:5, Informative)
Well for example, it can be used by dissidents to safely express their political views, be it in the PRC, Burma or the United States...
Re:the need (Score:1)
There's a huge difference between what it could be used for and what it is being used for; and what it is being used for isn't worth putting up with the 0.0001% legitimate useage.
Re:the need (Score:3, Informative)
Tell that Kin Yu Jong who's being at risk of being arrested any moment now because he dared write "uh, I dunno, but maybe Tiananmen wasn't so groovy after all" in his fanzine.
Only well-fed and wealthy people like you who live in relative safety in their countries have the luxury to think their comfort rates higher than the needs
Re:the need (Score:1)
Re:the need (Score:1)
What is it good for? To surf the net anonymously. If you live in China, or soon in the EU, that can be a problem. The upcoming EU laws on data retention means that your ISP will keep track of what web pages you request, probably by forcing the customer to go through a central proxy. Some suggest that the ISPs should be allowed to use this information for commercial purposes to help offset their added costs. Now there's something
Re:the need (Score:3, Interesting)
Now let's move on to practice. Say you want to do something pretty much harmless, but frowned upon by society at large, like lighting up a joint, having sex with your girlfr
You have got to be kidding me. (Score:2)
Re:You have got to be kidding me. (Score:2)